Insight by Carahsoft

Reducing complexity, moving toward more integrated cyber defenses


In May, the White House released the first-ever cyber risk assessment for the federal government. This comprehensive look across 71 agencies found that, generally speaking, agencies lacked threat information, and that led to ineffective allocations of agencies’ limited cyber resources. The administration says this situation creates enterprisewide gaps in network visibility, IT tool and capability standardization, and common operating procedures, all of which negatively impact federal cybersecurity.

The White House found 25 agencies are managing risk successfully, while 59 agencies are at risk and 12 agencies are considered at risk with how they manage their cyber challenges.

OMB’s report highlighted a myriad of what many would call bad habits that have developed over the past two decades. But it also demonstrates the constant need for cybersecurity protections to evolve by reducing complexity, adding advanced protections at the data level and, maybe most importantly, taking a risk management approach focused on the most important IT assets.

Chris Townsend, the vice president of federal for Symantec, said it’s time for agencies to drive that complexity out of their cybersecurity environment and move to a more standard approach.

Over the last 20 years, agencies built out their network and system environments reactively, meaning too often they addressed a new threat or vulnerability with a new tool or new layer of defense. He said some of the blame lies at the feet of vendors for not educating customers on all the capabilities of the tools they bought and for promoting the concept of vendor diversity.

“Those tools don’t talk a common protocol or a common language to be able to share information. If you look across the rest of IT, we’ve seen standardization in almost every other segment of IT whether it’s networking or storage or enterprise resource planning systems or operating systems. You have that level of interoperability that doesn’t exist today with security tools,” Townsend said on the Innovation in Government show. “So we are forcing our very limited resources in our security operators and threat analysts to correlate and really start to drive interoperability between the tools using a human element, which is not scalable and certainly not agile enough to respond to the state sponsored threats and bad actors we are facing on a day-to-day basis.”

This complexity becomes more challenging as agencies move to the cloud as well. Townsend said agencies will have to stand up redundant systems on-premise and in the cloud, and therefore will need a security stack that can address both instances.

“How do you do that without exacerbating the existing problem of complexity and cost?” he said. “[You do that] by building an integrated security platform that extends from on-premise into the cloud. For example, a lot of agencies have stood up a data loss prevention (DLP) system, which is a very complex system to stand up on premise. Standing that up in a cloud environment is a heavy lift, but if you can extend your on-premise DLP policies into the cloud through a cloud access security broker, through an integrated architecture, it really solves for that complexity.”

One answer to this lack of interoperability and complexity is a new industrywide effort called the integrated cyber defense exchange (ICDx). Townsend said ICDx is a security fabric that is based on open standards, STIX/TAXII and REST application programming interfaces (APIs).

“We recently announced version 1 of the ICDx fabric. We have over 140 industry partners,” he said. “This is a mindset shift and a different approach. Industry and government need to sit down and figure out how to solve for all this complexity and move toward a more integrated platform approach. Our first step is to get the ability to implement a platform and ICDx will give us that ability.”

Townsend said reducing complexity and moving toward a standard approach will help agencies buy down risk around their most sensitive and valuable assets.

“The shift for our chief information security officers starts to shift away from being technology experts and building these hard perimeters and being more focused on doing business analysis and how to quantify the risk associated with a particular asset. And then how to invest our limited resources in limiting the risk around our core assets knowing that we will probably get breached in some areas but as long as our high valued assets are protected, that’s success,” he said.


About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton suite of products for protection at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.
